security:securecode
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
security:securecode [2015/04/10 14:45] Luke Hinds [OSSG Developer Guidelines] |
security:securecode [2015/04/29 12:21] (current) Marcel Winandy Added link to IEEE CSD Avoiding Top 10 Security Flaws |
||
|---|---|---|---|
| Line 9: | Line 9: | ||
| ===== Gerrit Security Impact Code Review ===== | ===== Gerrit Security Impact Code Review ===== | ||
| - | We also strongly recommend to make use of the Gerrit secure code review tag we have. Any commit or comment to gerrit with the words 'SecurityImpact' will automatically email the security group for comment. | + | We also strongly recommend to make use of the Gerrit secure code review tag we have. Any commit (or commit amend) with the words 'SecurityImpact' will automatically email the security group for gerrit based review. |
| ==== Help review! ==== | ==== Help review! ==== | ||
| Line 16: | Line 16: | ||
| - | ===== CWE/SANS Top 25 Most Dangerous Programming Errors ===== | + | ===== CWE/SANS Top 25 ===== |
| - | A very good reference to for those new (and old) to secure coding conventions, is the CWE/SANS Top 25 Most Dangerous Programming Errors. The CWE give real world examples, of exactly how insecure code can be exploited. | + | A very good reference for those new (and old) to secure coding conventions, is the CWE/SANS Top 25 Most Dangerous Programming Errors. The CWE give real world examples, of exactly how insecure code can be exploited. |
| Below is a simplified list, with a link to the CWE page that contains greater detail. | Below is a simplified list, with a link to the CWE page that contains greater detail. | ||
| Line 181: | Line 181: | ||
| http://cwe.mitre.org/data/definitions/602.html | http://cwe.mitre.org/data/definitions/602.html | ||
| - | |||
| - | |||
| - | |||
| ===== Other useful reference sources ===== | ===== Other useful reference sources ===== | ||
| Line 189: | Line 186: | ||
| You may find the following resources also very helpful. | You may find the following resources also very helpful. | ||
| + | ==== OSSG Developer Guidelines ==== | ||
| + | |||
| + | The OSSG (OpenStack Security Group) have authored a very good set of guidelines (mostly specific to python). These can be found on Robert Clarks [[https://github.com/openstack-security/Developer-Guidance|Github repository]] | ||
| ==== OWASP ==== | ==== OWASP ==== | ||
| Line 203: | Line 203: | ||
| - | ===== CERT ===== | + | ==== CERT ==== |
| The CERT standards are a very good free resource. Languages covered are C, C++, Java, Perl. It is currently hosted on a confluence space at cert [[https://www.securecoding.cert.org/confluence/display/seccode/CERT+Coding+Standards |over here]] | The CERT standards are a very good free resource. Languages covered are C, C++, Java, Perl. It is currently hosted on a confluence space at cert [[https://www.securecoding.cert.org/confluence/display/seccode/CERT+Coding+Standards |over here]] | ||
| - | ===== safecode ===== | + | ==== safecode ==== |
| The [[http://www.safecode.org/publication/SAFECode_Dev_Practices0211.pdf|Safe Code Development Practices guide]] | The [[http://www.safecode.org/publication/SAFECode_Dev_Practices0211.pdf|Safe Code Development Practices guide]] | ||
| + | |||
| + | ==== IEEE Computer Society's Center for Secure Design (CSD) ==== | ||
| + | |||
| + | [[http://cybersecurity.ieee.org/center-for-secure-design/avoiding-the-top-10-security-flaws.html|Avoiding the Top 10 Security Flaws]] | ||
security/securecode.1428677149.txt.gz ยท Last modified: 2015/04/10 14:45 by Luke Hinds
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Creative Commons Attribution 4.0 International License
